WordPress Security Check – Plugins Could Leave Online Shoppers and Businesses Vulnerable On Cyber Monday

Nov 22, 2016 By Paul Curran

As American shoppers gear up for the biggest shopping weekend of the year – the perfect storm of Thanksgiving Day, Black Friday and Cyber Monday – more and more of them are preparing to do their purchasing online from the comfort of their homes.


In order to gain a better understanding of the potential threats posed by the hundreds of thousands of websites that use e-commerce plugins, the Checkmarx research lab used CxSAST, Checkmarx's static code analysis solution, to run a WordPress security check of the most widely used WordPress e-commerce plugins in the weeks leading up to Cyber Monday.

WordPress Security Check: Plugins used by over 100,000 websites could be vulnerable

Our research focused specifically on scanning for high-severity vulnerabilities. 12 WordPress e-commerce plugins were scanned during the research, which was conducted throughout the first half of November 2016.

Download our free research report below to learn:

  • How many out of the top 12 WordPress e-commerce plugins contain vulnerabilities
  • Which vulnerabilities were found during our research and the impact they can have on business
  • What organizations using plugins can do to ensure their sites remain secure
  • Tips for online shoppers to stay safe while shopping on Cyber Monday


What are the latest and greatest WP vulnerabilities?

The most notable WordPress vulnerability to come to light in 2016 is the suspected role that an unpatched version of the Revolution Image Slider WordPress plugin played in the release of over 11.5 million documents and 2.6TB of data in the notorious Panama Papers leak affecting Mossack Fonseca in April 2016.

In June 2016, attackers exploited an unpatched vulnerability in the WP Mobile Detector plugin, installed on over 10,000 websites, which allowed them to remotely upload arbitrary files to the web server. Many vulnerable sites were infected with porn spam doorways.

WP Security: Tips for Businesses Working with WordPress Plugins

When it comes to WordPress security issues, plugins should be a major concern. Businesses using WordPress e-commerce plugins should take certain steps to avoid introducing risks into their websites.

Regardless of the size of your business, it's critical to only download plugins from trusted sources; in this case, WordPress.org should be the only place you download plugins from, since the ease with which WordPress plugins can be developed makes malicious plugins a favorite for hackers.

Since WordPress plugins are open source, it's possible to scan their source code with a static code analysis solution to ensure they are free of vulnerabilities. It's also important to ensure that all plugins stay up to date and to stay on top of any WordPress vulnerabilities through the WordPress Vulnerability Database.


Paul Curran

Content Specialist at Checkmarx
With a background in mobile applications, Paul brings a passion for creativity reporting on application security trends, news and security issues facing developers, organizations and end users to Checkmarx's content.
